Branch protection rule wildcards and the Branches API endpoint

If I have a branch protection rule configured as:


and I have 3 branches:


all matching that rule, and now I want to delete the dev_foo2 branch, the only way to do that is to first delete that branch protection rule, then delete the branch, then reapply the rule. Ouch :slight_smile:

According to the API doc, this should remove branch protection from ‘dev_foo2’:

DELETE   /repos/:owner/:repo/branches/dev_foo2/protection

but it does not. It does not return an error, but it also does not remove or disable branch protection for that particular branch.

Is this due to the wildcard regex perhaps? It appears the API is not able to handle wildcards as input, so I am guessing it is somehow related?

Is there a way to remove or disable the branch protection for a specific branch through the API using any other endpoint, for example?

Thanks in advance!

The reason why you’re not getting an error when trying to delete the dev_foo2 branch protection rule is that no such rule exists. I just created two branch protection rules (one for master and one for dev* like yours) and created three branches (dev_foo{1|2|3}) on my test repository and then ran this GraphQL query:

query {
  repository(owner: "lee-dohm", name: "test-repo") {
    branchProtectionRules(first: 10) {
      nodes {

which returned these results:

  "data": {
    "repository": {
      "branchProtectionRules": {
        "nodes": [
            "pattern": "master"
            "pattern": "dev*"

There is no individual branch protection rule for dev_foo2, just the dev* rule. So if you want to delete dev_foo2, you’ll have to delete the dev* rule, then delete dev_foo2, then reinstante the dev* rule as you described.

I hope that helps!

@lee-dohm Is this currently only possible via v4 and GraphQL? (possible to curl?)

It seems to me v3 doesn’t have the same resource structure as the current Github branch protection rules structure.

Please checkout v4 mutations, specifically deleteBranchProtectionRule and createBranchProtectionRule.

@leoskyrocker I’m not sure what you’re asking. Are you asking if deleting branch protection only for dev_foo2 is possible using GraphQL when the matching rule pattern is dev*? No, it is not possible with either REST or GraphQL.

Thanks @lee-dohm. My questions are:

  1. Is it possible to to modify branch protection rules via v3 HTTP calls?
  2. If answer to Q1 is no, can v4 be used without setting up GraphQL, i.e. by simply using HTTP requests via the unix utility ‘curl’?

For more context, we have a branch protection rule in all of our repos which matches ‘^[dm][ea][vs]’ in attempt to match both develop or master, but it seems that in v3 HTTP calls it is impossible to male modification to the rules.

You can find the documentation for REST API branch protection in our developer documentation. You can also find documentation on how to use cURL for GraphQL there.

I hope that helps!

1 Like